|Founded||October 19, 2011|
|Founders||Oded Horovitz |
|Oded Horovitz (CEO, co-founder) |
Steve Weis (CTO, co-founder)
Todd Thiemann (VP Marketing)
Carl Waldspurger (Advisor)
PrivateCore is a venture-backed startup located in Palo Alto, California that develops software to secure server data through server attestation and memory encryption. The company's attestation and memory encryption technology fills a gap that exists between “data in motion” encryption (TLS, email encryption) and “data at rest” encryption (disk encryption, tape encryption) by protecting “data in use” (random access memory). PrivateCore memory encryption technology protects against threats to servers such as cold boot attacks, hardware advanced persistent threats, rootkits/bootkits, computer hardware supply chain attacks, and physical threats to servers from insiders. PrivateCore was acquired by Facebook, a deal that was announced on 7 August 2014.
PrivateCore was founded in 2011 by security veterans from VMware and Google with seed funding from Foundation Capital. PrivateCore “virtualizes” physical security and enables service providers and enterprises deploy servers processing sensitive data in outsourced environments while maintaining security around data in use.
The company's memory encryption technology has been spurred by a number of industry trends including the increasing sophistication of hackers, a larger number of servers in outsourced environments, larger amounts of sensitive data being placed in persistent memory, and x86 virtualization technology which can increase the environment attack surface.
PrivateCore's focus is securing data-in-use on x86 servers. The company has taken advantage of recent microprocessor innovations including larger microprocessor caches and hardware cryptographic acceleration technology that enable more effective methods of encrypting memory while maintaining acceptable application performance. The technology approach goes beyond previous academic research efforts such as TRESOR.
PrivateCore assumes that the only element that need be trusted in a system is the Central Processing Unit (CPU). The firm uses Trusted Platform Module (TPM) chips and Intel Trusted Execution Technology (Intel TXT) to provide remote server attestation. PrivateCore also supports the cryptographic hardware acceleration provided by Intel AES-NI technology.
PrivateCore technology is positioned as being most applicable to outsourced or hosted environments where the enterprise cannot have trust in the compute infrastructure.
The PrivateCore vCage product portfolio comprises vCage Manager and vCage Host. vCage Manager validates the integrity of x86 servers running Linux as well as the vCage Host. vCage Host installs on bare-metal servers and provides a hardened hypervisor based on KVM that can secure server random access memory (RAM) with AES encryption. vCage Host does this by loading a secure hypervisor into CPU cache and acting as a gateway to encrypt memory paging in and out between the CPU cache and RAM. vCage memory encryption leverages the KVM hypervisor but also has the potential to support other hypervisors. vCage Host supports existing KVM management tools.
vCage supports a number of use cases including creating OpenStack trusted computing pools as well as protecting x86 servers in co-location and bare-metal cloud environments.
vCage Manager and vCage Host became generally available on 11 February 2014.
- "PrivateCore.com WHOIS, DNS, & Domain Info - DomainTools". WHOIS. Retrieved 2016-03-21.
- CrunchBase, PrivateCore, June 6, 2012: "PrivateCore"
- Angellist, PrivateCore, June 6, 2012: "PrivateCore"
- Dark Reading, Robert Lemos, January 31, 2013:"The Physical Security Factor With Cloud Providers"
- Reuters, Kurt Wagner, August 7, 2014:"Facebook Acquires Security Startup PrivateCore to Better Protect Its Data Centers"
- TechCrunch, Sarah Perez, August 7, 2014:"Facebook Buys Secure Server Technology Provider PrivateCore"
- StartUpBeat, StartUpBeat Editor, June 25, 2012:"PrivateCore has built a private computing platform that gives users a high level of data security, online or off"
- GCN, John Moore, March 12, 2014:"How to lock down data in use -- and in the cloud"
- Official website
- Physical Privilege Escalation and Mitigation in the x86 World, talk given by the founders at CanSecWest 2013